12

68
Appendix A: Case Statistics from the Dutch High Tech Crime Unit
The data and statistics below represent a sample of 32 data breach investigations by the Dutch National High Tech Crime Unit
reaching back to 2006. As mentioned in the methodology earlier in our report, the NHTCU caseload varies from year to year, data
breaches being only one aspect of their mission. The NHTCU targets cases they classify as “high tech crime,” which can roughly
be de
ned as those forms of crime that are organized, target computer systems, and use sophisticated new technology or
methods. Cyber-related issues that target vital national interests are also taken up.
These 32 breaches encompassed a total of 144,076 data records con
rmed by the NHTCU to be compromised. However, the
extent of data loss could not be determined for the majority of incidents, so this
gure represents the lowest end of the potential
range (we discuss reasons for this in the main report). In this section, we highlight
ndings from these investigations,
concentrating on the agents, actions, assets, and attributes involved. In reviewing this data, you will see that these are not unlike
those seen in both the Verizon and USSS case sets over the last several years.
Demographics
The NHTCU’s cases spanned several di
erent
industries, organizational sizes, and locations.
The top victim industry was that of Financial
Services, which included some of the largest
banks in the Netherlands as well as others
throughout Europe and the United States.
Those victims within the Education industry
consisted mostly of European universities.
Technology Services victims were a mix of
managed IT and security services
rms and software development shops. Several of
these organizations lost valuable IP and other sensitive data. Per Table 2, organizational
size was weighted toward larger organizations.
Agents
Every case involving a data breach within the NHTCU’s incidents involved an external
agent, of which most were from Eastern and Western Europe. Based on the details of
case selection listed above, it’s not surprising that three-quarters of the external agents
are categorized as organized criminal groups. The next largest group is una
liated
person(s). One of the NHTCU’s investigations included an insider who did not act
deliberately, but nonetheless broke a policy regarding the reuse of corporate
passwords that led directly to one of the data breaches.
Yet another dataset showing a strong majority of external agents in both frequency
and data loss. Isn’t that interesting?
Industry groups represented by number of breaches
16
7
7
1
1
Financial
Services
Education
Tech Services
Government
Retail
Organizational size by number of
breaches (number of employees)
1 to 10
0
11 to 100
1
101 to 1,000
4
1,001 to 10,000
9
10,001 to 100,000
14
Over 100,000
2
Unknown
2

69
Actions
The top three threat action categories were Hacking, Malware, and
Social. The most common types of hacking actions used were the use of
stolen login credentials, exploiting backdoors, and man-in-the-middle
attacks. These were often carried out via the web or backdoors opened


You've reached the end of your free preview.
Want to read all 72 pages?
- Fall '14
- Smith,R
- Secret Service, United States Secret Service, USSS